Dell Finds and Solves Major Flaws In Firmware Update Driver

Infosec research firm, SentinelLabs recently uncovered 12-year-old flaws in Dell’s firmware updater, DBUtil 2.3.

The research firm discovered five serious vulnerabilities in the vulnerable firmware updater, which has been installed by default on hundreds of millions of Dell systems since 2009.

Although it may not be a remote code execution vulnerability, meaning that a hacker cannot use it directly to compromise the user’s systems, it is still considered a major risk, since an attacker who receives an unprivileged shell through another vulnerability can use it to bypass security controls.

Since SentinelLabs notified the company in December 2020, Dell has provided documentation of the vulnerabilities and mitigation instructions, which mainly come down to “remove the utility.” The tech giant has also provided a replacement driver that should be installed automatically on all affected Dell systems at the next firmware update.

For more information, read the original story in Arstechnica.

Dell Finds and Solves Major Flaws In Firmware Update Driver

Top Stories

Meta cuts jobs as it doubles down on AI

CISA exposed internal passwords and cloud keys in public repository

Jury throws out Elon Musk’s lawsuit against OpenAI and Sam Altman

U.S. carriers team up to counter Starlink’s satellite-to-phone push

ChatGPT now lets Pro users connect bank and investment accounts

Meta employees protest tracking software as layoffs loom

Related Articles

CISA exposed internal passwords and cloud keys in public repository

Canvas restores service after cyberattack disrupted schools and universities

Security researcher finds extensive tracking and security concerns inside White House mobile app

Microsoft Defender flags DigiCert root certificates as malware in false positive

TND News Desk

TND News Desk

Jim Love